nhbmark Posted August 7, 2010 Share Posted August 7, 2010 HEllo, As you all know During the check out processes the client has the ability to upload a attachment. I just had someone attach a php file... I looked at it, and it is a hacker page saying,, hacked by...so and so..ive attached this below.. question is..can someone hack a page through this type on method? <<snipped>> 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted August 7, 2010 Share Posted August 7, 2010 I wouldnt think so. The file would need to be accessible via the web. 0 Quote Link to comment Share on other sites More sharing options...
BenMcGarry Posted August 7, 2010 Share Posted August 7, 2010 Looking at its code that would be a manual file edit. You cant really exploit PHP files unless you have a script that is vulnerable. 0 Quote Link to comment Share on other sites More sharing options...
mylove4life Posted August 7, 2010 Share Posted August 7, 2010 more than likely this was a bot.... I would not worry about it.. I would look at the IP's of where it's comming from and block the IP's tho... 0 Quote Link to comment Share on other sites More sharing options...
nhbmark Posted August 7, 2010 Author Share Posted August 7, 2010 Hello, Ok well it seems this guy got into my admin area, changed the admin password and email. He has been making fake accounts..etc.. one thing i have noticed over the last few days..I have not been getting my automatic backups. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted August 7, 2010 WHMCS CEO Share Posted August 7, 2010 As you all know During the check out processes the client has the ability to upload a attachment. Erm no they don't! There's no file upload ability during the order process. If you've got that then it's presumably something custom you've added so the security of that would be down to your own coding. Matt 0 Quote Link to comment Share on other sites More sharing options...
mylove4life Posted August 7, 2010 Share Posted August 7, 2010 right, missed that part he was taking about... for sure it's in added coding... 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted August 7, 2010 Share Posted August 7, 2010 all this thread is doing is providing even more advertising for these scum by leaving the urls and text intact ! 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.